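<?php

/**
 * SSO login / logout endpoint, dispatched on the `op` query parameter.
 *
 *   op=login  : checks POSTed username/password against tb_user, then sets the
 *               c_iduser, c_type, c_pid, c_idrole and c_islogin cookies and
 *               prints "sukses". Prints nothing when the credentials do not match.
 *   op=logout : destroys the session, expires the same cookies and redirects
 *               to the site root.
 *
 * connectSSO() comes from function-access.php and is assumed to return a
 * mysqli connection (it is passed to mysqli_* calls below).
 */

session_start();
include("function-access.php");

// Everything read from the request is untrusted; missing keys become '' / null
// instead of raising "undefined index" notices (e.g. no POST body on logout).
$op = $_GET["op"] ?? '';
$username = $_POST["username"] ?? null;
$rawPassword = $_POST["password"] ?? null;

$conn = connectSSO();

// The cookie domain is derived from the configured site URL stored in tb_sim.
// NOTE(review): only a leading "http://" is stripped; an "https://" URL or a
// trailing path would end up in the cookie domain. Confirm the stored format.
$sqlOpt = "SELECT * FROM tb_sim WHERE id_sim IN (SELECT id_sim FROM tb_opt)";
$queryOpt = mysqli_query($conn, $sqlOpt);
$barisOpt = $queryOpt ? mysqli_fetch_array($queryOpt) : null;
$urlDomain = str_replace('http://', '', (string) ($barisOpt["url"] ?? ''));

// Login and logout must use the same Domain attribute, otherwise clients that
// treat ".example.com" and "example.com" as distinct will not delete the cookies.
$cookieDomain = "." . $urlDomain;

switch ($op) {
    case 'login':
        // Reject missing fields and non-string input (e.g. username[]=x).
        if (!is_string($username) || !is_string($rawPassword)) {
            break;
        }

        // NOTE(review): unsalted MD5 is not a password hash. It is kept here only
        // because the stored values in tb_user are compared against it; plan a
        // migration to password_hash() / password_verify().
        $password = md5($rawPassword);

        // Bound parameters: the username is attacker-controlled and must never be
        // concatenated into the SQL text.
        // mysqli_stmt_get_result() requires the mysqlnd driver.
        $stmtLogin = mysqli_prepare(
            $conn,
            "SELECT * FROM tb_user WHERE username = ? AND password = ? LIMIT 1"
        );
        if ($stmtLogin === false) {
            break;
        }
        mysqli_stmt_bind_param($stmtLogin, "ss", $username, $password);
        mysqli_stmt_execute($stmtLogin);
        $queryLogin = mysqli_stmt_get_result($stmtLogin);
        $barisUser = $queryLogin ? mysqli_fetch_array($queryLogin) : null;
        mysqli_stmt_close($stmtLogin);

        if (!$barisUser) {
            // Unknown user or wrong password: no cookies, no output.
            break;
        }

        // Look up the user's role. The id comes from the database, but it is
        // bound as well so stored data can never alter the statement.
        $idUser = (string) $barisUser["id_user"];
        $barisRole = null;
        $stmtRole = mysqli_prepare(
            $conn,
            "SELECT a.id_role FROM tb_user_role a
             LEFT JOIN tb_user b
             ON b.id_user = a.id_user
             WHERE b.id_user = ? LIMIT 1"
        );
        if ($stmtRole !== false) {
            mysqli_stmt_bind_param($stmtRole, "s", $idUser);
            mysqli_stmt_execute($stmtRole);
            $queryRole = mysqli_stmt_get_result($stmtRole);
            $barisRole = $queryRole ? mysqli_fetch_array($queryRole) : null;
            mysqli_stmt_close($stmtRole);
        }

        // NOTE(review): these cookies are base64-encoded only, not signed or
        // encrypted, so a client can present any id_user / id_role value.
        // How the consuming applications validate them is not visible here;
        // confirm they do not accept c_iduser / c_idrole / c_islogin as proof of
        // authentication, or move the identity into a server-side session.
        // They are also issued without HttpOnly, Secure or SameSite.
        $expires = time() + 60 * 60 * 24 * 30; // 30 days
        $cookies = [
            "c_iduser"  => $barisUser["id_user"],
            "c_type"    => $barisUser["user_type"],
            "c_pid"     => $barisUser["pid"],
            // A user without a role row gets an empty c_idrole.
            "c_idrole"  => $barisRole["id_role"] ?? '',
            "c_islogin" => "true",
        ];
        foreach ($cookies as $name => $value) {
            setcookie($name, base64_encode((string) $value), $expires, "/", $cookieDomain);
        }
        echo "sukses";
        break;

    case 'logout':
        session_destroy();
        if (isset($_COOKIE["c_iduser"]) && isset($_COOKIE["c_islogin"])) {
            // Expire every cookie set at login, with the same path and domain.
            foreach (["c_iduser", "c_type", "c_pid", "c_idrole", "c_islogin"] as $name) {
                setcookie($name, '', time() - 3600, "/", $cookieDomain);
            }
            // NOTE(review): SERVER_NAME can reflect the client-supplied Host header
            // depending on web-server configuration; a configured base URL would
            // be a safer redirect target.
            header("Location: http://$_SERVER[SERVER_NAME]");
        }
        break;
}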